(54) Data copyright management system and apparatus

(57) There are provided a digital content management apparatus
which further embodies a digital content management apparatus used
with a user terminal, and a system which protects the secrets of a
digital content. The system and the apparatus are a real time
operating system using a micro-kernel, which is incorporated in the
digital content management apparatus as an interruption process
having high priority, or is arranged in a network system using the
digital content. When a user uses the digital content, whether there
is an illegitimate usage or not is watched by interrupting the usage
process. In the case where illegitimate usage is carried out, a
warning is given or the usage is stopped. The decryption/re-encryption
functions of the digital content management apparatus having the
decryption/re-encryption functions are not restricted to the inside
of the user apparatus. By providing the decryption/re-encryption
functions between the networks, the exchange of secret information
between different networks is secured. By using this apparatus for
converting a crypt algorithm, information exchange is made possible
between systems which adopt different algorithms.



Fig. 1 





Description 

BACKGROUND OF THE INVENTION 

Field of the Invention

The present invention relates to a system for managing digital
content, specifically for managing a copyright of digital content
claiming the copyright and for securing secrecy of digital content,
and also relates to an apparatus implementing this system.

Background Art 

In today's information-oriented society, database systems have
spread in which various data values, so far stored independently in
each computer, are mutually used by connecting the computers by
communication lines.

The information handled so far by the database system is classical
type coded information which can be processed by a computer and has a
small amount of information, or monochrome binary data like facsimile
data at most. Therefore, the database system has not been able to
handle data with an extremely large amount of information such as a
natural picture and a motion picture.

However, as the digital processing technique for various electric
signals develops, digital processing has also progressed for picture
signals other than binary data, which have been handled only as
analog signals.

By digitizing the above picture signal, a picture signal such as a
television signal can be handled by a computer. Therefore, a
"multimedia system" for handling various data handled by a computer
and picture data obtained by digitizing a picture signal at the same
time is noticed as a future technique.

Because hitherto widely-spread analog content is deteriorated in
quality whenever it is stored, copied, edited, or transmitted,
copyright issues associated with the above operations have not been a
large problem. However, because digital content is not deteriorated
in quality after being repeatedly stored, copied, edited, or
transmitted, the control of copyrights associated with the above
operations is a large problem.

Because there has hitherto been no exact method for handling a
copyright for digital content, the copyright is handled by the
copyright law or relevant contracts. Even in the copyright law, only
compensation money for a digital-type sound or picture recorder is
systematized.

Use of a database includes not only referring to the contents of the
database but also normally effectively using the database by storing,
copying, or editing obtained digital content. Moreover, it is
possible to transmit edited digital content to another person on-line
via a communication line or off-line via a proper recording medium.
Furthermore, it is possible to transmit the edited digital content to
the database to enter it as new digital content.

In an existing database system, only character data is handled. In a
multimedia system, however, audio data and picture data which are
originally analog content are digitized to a digital content and
formed into a database in addition to the data such as characters
which have been formed into a database so far.

Under the above situation, how to handle a copyright of digital
content formed into a database is a large problem. However, there has
not been adequate copyright management means for solving the problem
so far, particularly copyright management means completed for
secondary utilization of the digital content such as copying,
editing, or transmitting of the digital content.

Although digital content referred to as software with advertisement
or as freeware is, generally, available free of charge, it is
copyrighted and its use may be restricted by the copyright depending
on the way of use.
In view of the above, the inventor of the present invention has made
various proposals thus far in order to protect a copyright of the
digital content. In GB 2269302 and U.S. Patent 5,504,933, the
inventor has proposed a system for executing copyright management by
obtaining a permit key from a key management center through a public
telephone line, and has also proposed an apparatus for that purpose
in GB 2272822. Furthermore, in EP 677949 and in EP 704785, a system
has been proposed for managing the copyright of the digital content.

In these systems and apparatus, those who wish to view encrypted
programs request to view a program using a communication device to a
management center via a communication line, and the management center
transmits a permit key in response to the request for viewing, and
charges and collects a fee.

Upon receipt of the permit key, those who wish to view the program
send the permit key to a receiver either by an on-line or an off-line
means, and the receiver, which has received the permit key, decrypts
the encrypted program according to the permit key.

The system described in EP 677949 uses a program and copyright
information to manage a copyright in addition to a key for permitting
usage in order to execute the management of the copyright in
displaying (including process to sound), storing, copying, editing,
and transmitting of the digital content in a database system,
including the real time transmission of digital picture content. The
digital content management program for managing the copyright watches
and manages to prevent the digital content from being used outside
the conditions of the user's request or permission.

Furthermore, EP 677949 discloses that the digital content is supplied
from a database in an encrypted state, and is decrypted only when
displayed and edited by the digital content management program, while
the digital content is encrypted again when stored, copied or
transmitted. It is also described that the digital content management
program itself is encrypted and is decrypted by the permit key, and
that the decrypted digital content management program performs
decryption and encryption of the digital content, and when usage
other than storing and displaying of the digital content is executed,
the copyright information is stored as a history, in addition to the
original copyright information.

In U.S. Patent Application No.08«49,270 and EP 0715241 relating to
the present application, there is proposed an apparatus for
decryption/re-encryption having configuration of a board, PCMCIA card
or an IC card for managing the copyright, and a system for depositing
a crypt key. Also, a reference is made to apply the copyright
management method to a video conference system and an electronic
commerce system.

In U.S. Patent Application No.08/549,271 and EP 709760, a system has
been proposed wherein the protection of an original digital content
copyright and an edited digital content copyright in case of the
edited digital content using a plurality of digital contents is
carried out by confirming the validity of a usage request according
to a digital signature on an edit program by combining a secret-key
cryptosystem and a public-key cryptosystem.

In U.S. Patent Application No.08/573,958 and EP 719045, various forms
have been proposed for applying the digital content management system
to database and video-on-demand (VOD) systems or an electronic
commerce.

In U.S. Patent Application No.08«63,463, EP 746126, a system has been
proposed, in which copyrights on an original digital content and a
new digital content are protected by using a third crypt key and a
copyright label in case of using and editing a plurality of digital
contents.

As can be understood from the digital content management systems and
the digital content management apparatus which have been proposed by
the inventor of the present invention, described above, the
management of a digital content copyright can be realized by
restricting encryption/decryption/re-encryption and the form of the
usage by using the copyright management program. The cryptography
technology and the usage restriction thereof can be realized by using
a computer.

In order to use the computer efficiently, an operating system (OS) is
used which supervises the overall operation of the computer. The
conventional operating system used on a personal computer or the like
is constituted of a kernel for handling basic services such as memory
control, task control, interruption, and communication between
processes, and OS services for handling other services.

However, improvement in the functions of the OS which supervises the
overall operation of computers is now being demanded where
circumstances change on the computer side, such as improved
capability of microprocessors and a decreased price of RAM (Random
Access Memory) used as a main memory, and where users require
improvement in the performance capability of computers; as a
consequence, the scale of an OS has become comparatively larger than
before.

Since such an enlarged OS itself occupies a large space in the hard
disk in which the OS is stored, the space for storing the application
programs or data needed by the user is liable to be insufficient,
with the result that the usage convenience of the computer becomes
unfavorable.

In order to cope with such a situation, in the latest OS, an
environmental sub-system for performing emulation of other OS and
graphics displaying, and a core sub-system such as a security
sub-system are removed from the kernel, as a sub-system that is a
part that depends on the user. The basic parts such as a HAL
(hardware abstraction layer) for absorbing differences in hardware, a
scheduling function, an interruption function, and an I/O control
function form a micro-kernel, and a system service API (Application
Programming Interface) is interposed between the sub-system and the
micro-kernel, thereby constituting the OS.

By doing so, extension of the OS by change or addition of functions
will be improved, and portability of the OS can be facilitated
corresponding to the applications. By a distributed arrangement for
elements of the micro-kernel to a plurality of network computers, the
distributed OS can also be realized without difficulty.

Computers are used in computer peripheral units, various control
units, and communication devices in addition to the personal
computers represented by the desktop type or notebook type computers.
In such a case, as an OS unique for embedding, applicable to each of
the devices, a real time OS is adopted in which execution speed is
emphasized, unlike a general-purpose personal computer OS, in which
the man-machine interface is emphasized.

Naturally, the development cost for a respective OS unique to each
device embedded will be high. It has recently been proposed,
therefore, that a general-purpose OS for personal computers be used
instead as a real-time OS for embedding. By arranging a specified
program for embedding in a sub-system combined with the micro-kernel,
a real-time OS for embedding can be obtained.

As the major functions of an OS, there is a task control, such as
scheduling, interruption processing, and the like. With respect to
task control, there are two kinds of OS's; the single-task type, in
which only one task is executed at the same time, and the multi-task
type, in which a plurality of task processes are executed at the same
time. The multi-task type is further classified into two kinds; one
multi-task type, in which changing of tasks depends on the task to be
executed, and the other multi-task type, in which the changing does
not depend on the task to be executed.

In the aforementioned types, the single-task type assigns one process
to a CPU (central processing unit) and the CPU is not released until
the process comes to an end, and a non-preemptive multi-task type
performs time-division for the CPU, and the CPU can be assigned to a
plurality of processes. As long as the process which is being
executed does not give control back to the OS, other processes are
not executed. And a preemptive multi-task type interrupts the process
which is being executed during a certain time interval and thereby
forcibly moves the control to another process. Consequently, real
time multi-task can be available only in the case of the preemptive
type.

Task control in a computer is performed according to processes being
units having system resources such as a memory and a file. Process
control is performed according to a thread, being a unit in which CPU
time is assigned, in which the process is minutely divided.
Incidentally, in this case, the system resources are shared in all
the threads in the same process. More than one thread, therefore, may
exist which share the system resources in one process.

Each task which is processed by the multi-task type has a priority
spectrum, which is generally divided into 32 classes. In such a case,
a normal task without interruption is classified into dynamic classes
which are divided into 0 to 15 classes, while a task performing
interruption is classified into real-time classes divided into 16 to
31 classes.

Interruption processing is carried out using interruption enabling
time (generally, 10 ms) referred to as a time slice, as one unit. A
normal interruption is carried out during a time slice of 10 ms. In
such a situation, a time slice has recently been proposed wherein the
interruption enabling time is set to 100 µs. When such a real time
slice is used, an interruption can be carried out with greater
priority than the conventional 10 ms.

SUMMARY OF THE INVENTION 

In the present application, there is proposed a digital content
management apparatus which further embodies a digital content
management apparatus which can be used with the user terminal
proposed in EP 704785, for managing a digital content, specifically,
a copyright of the digital content claiming the copyright. And also
there is proposed a system to which the idea applied to the digital
content management apparatus is further applied for secrecy
protection of the digital content.

In the present application, a system for watching the illegitimate
usage of the digital content and an apparatus therefor are proposed.
These system and apparatus are a real time operating system using a
micro-kernel, and are incorporated in the digital content management
apparatus as an interruption process having a high priority, or are
arranged in a network system using the digital content. Whether there
is an illegitimate usage or not is watched by interrupting into the
use process when a user utilizes the digital content. In the case
where illegitimate usage is performed, a warning or a stop for the
usage is given.

Furthermore, in the present application, decryption/re-encryption
functions in the digital content management apparatus having the
decryption/re-encryption functions are not restricted within the user
apparatus but are provided in a gateway or a node between the
networks, so that the exchange of secret information is secured
between different networks.

By using the apparatus according to the present invention for the
conversion of crypt algorithm, information exchange can be made
possible between systems which adopt different crypt algorithms.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 is a structural view of a digital content management system
to which the present invention is applied.

Figure 2 is a structural view of a digital content management
apparatus to which the present invention is applied.

Figure 3 is a structural view of another digital content management
apparatus to which the present invention is applied.

Figure 4 is a structural view of a system for watching the digital
content usage according to the present invention.

Figure 5 is a structural view of a system for protecting digital
content secrecy according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The description of the preferred embodiments according to the present
invention is given below referring to the accompanied drawings.

Figure 1 shows a structure of the digital content management system
to which the present application applies.

In this digital content management system illustrated in Figure 1,
reference numerals 1, 2 and 3 represent databases storing text data,
binary data of a computer graphics screen or a computer program, and
digital content of sound or picture data, which are not encrypted. 9
represents a communication network constituted of using a public
telephone line offered by a communication enterprise or a CATV line
offered by a cable television enterprise. 4 represents a primary user
terminal, 5 represents a secondary user terminal, 6 represents a
tertiary user terminal, 7 represents an n-order user terminal, and 8
represents a digital content management center.

On the above arrangement, the databases 1, 2, 3, the digital content
management center 8, primary user terminal 4, secondary user terminal
5, tertiary user terminal 6, and n-order user terminal 7 are
connected to the communication network 9.

In this figure, a path shown by a broken line represents a path for
transferring encrypted digital content, a path shown by a solid line
represents a path for transferring requests from each of the user
terminals 4, 5, 6, 7 to the digital content management center 8 and
databases 1, 2, 3, a path shown by a one-dot chain line represents a
path through which a permit key corresponding to a usage request, a
digital content management program and a crypt key are transferred
from each of the databases 1, 2, 3, and the digital content
management center 8 to each of the user terminals 4, 5, 6, 7.

This digital content management system employs a first public-key
Kb1, a first private-key Kv1 corresponding to the first public-key
Kb1, a second public-key Kb2, and a second private-key Kv2
corresponding to the second public-key Kb2 that are prepared by the
user, and a first secret-key Ks1 and a second secret-key Ks2 prepared
by the database. The database encrypts digital content M by using the
first secret-key Ks1:

Cmks1 = E(Ks1, M),

and further encrypts the first secret-key Ks1 by the first public-key
Kb1:

Cks1kb1 = E(Kb1, Ks1)

and the second secret-key Ks2 by the second public-key Kb2:

Cks2kb2 = E(Kb2, Ks2).

The database then transfers these encrypted digital content Cmks1,
the first and the second secret-keys Cks1kb1 and Cks2kb2 to the user.

The user decrypts the encrypted first secret-key Cks1kb1 using the
first private-key Kv1:

Ks1 = D(Kv1, Cks1kb1),

and decrypts the encrypted digital content Cmks1 by the decrypted
first secret-key Ks1:

M = D(Ks1, Cmks1)

and uses it. The user decrypts encrypted second secret-key Cks2kb2 by
the second private-key Kv2:

Ks2 = D(Kv2, Cks2kb2),

which is subsequently used after decryption as a crypt key for
storing, copying, or transferring digital content.
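
The key exchange described above, worked through as an added example
that is not part of the patent text. The patent leaves E and D
abstract, so the toy RSA built from fixed Mersenne primes, the SHA-256
keystream cipher with a random nonce, and every function name are
assumptions chosen so the example runs with the standard library only;
neither stand-in is suitable for protecting real content.

```python
import hashlib
import secrets

E_PUB = 65537  # public exponent of the toy RSA (assumption, not from the patent)


def make_keypair(p, q):
    """Return (Kb, Kv) = ((n, e), (n, d)). Textbook RSA, no padding: toy only."""
    n = p * q
    d = pow(E_PUB, -1, (p - 1) * (q - 1))
    return (n, E_PUB), (n, d)


def pk_encrypt(kb, secret_key):
    """E(Kb, Ks): wrap a 16-byte secret-key under a public-key."""
    n, e = kb
    m = int.from_bytes(secret_key, "big")
    if m >= n:
        raise ValueError("secret-key does not fit under the modulus")
    return pow(m, e, n)


def pk_decrypt(kv, wrapped):
    """D(Kv, C): recover the 16-byte secret-key with the private-key."""
    n, d = kv
    return pow(wrapped, d, n).to_bytes(16, "big")


def _keystream_xor(ks, nonce, data):
    """XOR data with a SHA-256 counter-mode keystream (stand-in cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(ks + nonce + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sk_encrypt(ks, plaintext):
    """E(Ks, M). A fresh nonce per call lets Ks2 be reused for store and copy."""
    nonce = secrets.token_bytes(16)
    return nonce + _keystream_xor(ks, nonce, plaintext)


def sk_decrypt(ks, ciphertext):
    """D(Ks, C): split off the nonce and undo the keystream."""
    return _keystream_xor(ks, ciphertext[:16], ciphertext[16:])


# User side: two key pairs (Kb1, Kv1) and (Kb2, Kv2), prepared by the user.
KB1, KV1 = make_keypair(2**127 - 1, 2**89 - 1)
KB2, KV2 = make_keypair(2**107 - 1, 2**61 - 1)


def database_supply(content, kb1, kb2):
    """Database side: prepare Ks1 and Ks2, send Cmks1, Cks1kb1 and Cks2kb2."""
    ks1 = secrets.token_bytes(16)
    ks2 = secrets.token_bytes(16)
    return {
        "Cmks1": sk_encrypt(ks1, content),
        "Cks1kb1": pk_encrypt(kb1, ks1),
        "Cks2kb2": pk_encrypt(kb2, ks2),
    }


def user_use(package, kv1):
    """Ks1 = D(Kv1, Cks1kb1), then M = D(Ks1, Cmks1) for display or editing."""
    ks1 = pk_decrypt(kv1, package["Cks1kb1"])
    return sk_decrypt(ks1, package["Cmks1"])


def user_store(package, kv2, content):
    """Ks2 = D(Kv2, Cks2kb2); content leaves the use step only as E(Ks2, M)."""
    ks2 = pk_decrypt(kv2, package["Cks2kb2"])
    return sk_encrypt(ks2, content)


def user_reload(package, kv2, stored):
    """Read back a stored or copied item, which needs Ks2 rather than Ks1."""
    ks2 = pk_decrypt(kv2, package["Cks2kb2"])
    return sk_decrypt(ks2, stored)


if __name__ == "__main__":
    m = b"constructed sample content M"  # constructed input for the demo
    pkg = database_supply(m, KB1, KB2)
    shown = user_use(pkg, KV1)
    stored = user_store(pkg, KV2, shown)
    print("displayed:", shown)
    print("stored   :", stored.hex())
    print("reloaded :", user_reload(pkg, KV2, stored))
```

The stored copy is bound to Ks2, so a holder of Ks1 alone cannot read
it; the stand-in cipher carries no integrity tag, so it does not
detect tampering with the stored bytes.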

If the primary user 4 copies digital content obtained and then
supplies it to the secondary user 5, the digital content does not
involve the copyright of the primary user 4 because no modifications
have been made to the digital content. If, however, the primary user
4 produces new digital content based on the digital content obtained
or using a means for combining with other digital content, the new
digital content involves a secondary copyright for the primary user
4, and the primary user 4 has the original copyright for this
secondary work.

Similarly, if the secondary user 5 produces further new digital
content based on the digital content obtained from the primary user 4
or using a means of combining with other digital content, the new
digital content involves a secondary copyright for the secondary user
5, and the secondary user 5 has the original copyright of this
secondary work.

Databases 1, 2, and 3 store text data, binary data constituting
computer graphics screens or programs and digital content such as
digital audio data and digital picture data, which are to be
encrypted and supplied to the primary user terminal 4 via networks
during a digital content read operation in response to a request from
the primary user terminal 4.

Managing the digital content obtained from the database is carried
out by the method described in Japanese Patent Laid-open No.
185448/1996 or in Japanese Patent Laid-Open No. 287014/1996, which
have been proposed by the present inventor.

Recently, a PCI (Peripheral Component Interconnect) bus has attracted
attention as means for implementing a multiprocessor configuration in
a typical personal computer. The PCI bus is a bus for external
connection connected to a system bus of a computer via a PCI bridge,
and allows a multiprocessor configuration to be implemented.

The digital content includes graphics data, computer programs,
digital audio data, still picture data by JPEG and also moving
picture data by MPEG 1 or MPEG 2, in addition to character data. In
case that the digital content to be managed is moving picture data by
JPEG still picture system or moving picture data by MPEG 1 or MPEG 2,
as having remarkably large amount of data with high speed, managing
the digital content by a single processor is difficult.

Figure 2 is a block diagram illustrating an arrangement of a digital
content management apparatus used for managing the digital content of
the above in the digital content management system shown in Figure 1.

The digital content management apparatus comprises a first digital
content management apparatus 12 connected to a user terminal 11 and a
second digital content management apparatus 13.

The first digital content management apparatus 12 has a computer
configuration having a MPU (MicroProcessor Unit) 24, a local bus 25
of MPU 24, ROM (Read-Only Memory) 26 connected to the local bus 25,
RAM 27 and EEPROM (Electrically Erasable Programmable Read-only
Memory) 31.

A PCI bus 23 is connected to a system bus 15 for a microprocessor 14
of the user terminal 11 via a PCI bridge 22, and the local bus 25 for
the MPU 24 of the digital content management apparatus 12, and also a
local bus 30 for MPU 29 of the digital content management apparatus
13 are connected to the PCI bus 23. Also connected to the system bus
15 of the user terminal 11 are a communications device (COMM) 21
which receives digital content from external databases and transfers
digital content to the external of the terminal, a CD-ROM drive
(CDRD) 20 which reads digital content supplied on CD-ROM, a flexible
disk drive (FDD) 19 which copies received or edited digital content
in a flexible disk to supply to the external of terminal, and hard
disk drive (HDD) 18 used for storing digital content. COMM 21, CDRD
20, FDD 19, and HDD 18 may also be connected to the PCI bus 23. While
ROM, RAM etc., of course, are connected to the system bus 15 of the
user terminal, these are not shown in Figure 2.

The decryption and re-encryption operations are performed by either
of the MPU 24 of the first digital content management apparatus 12
and the MPU 29 of the second digital content management apparatus 13,
i.e., one performs decryption and the other performs re-encryption at
the same time. Since the configuration of the MPU 24 and MPU 29 in
Figure 2 is a multiprocessor configuration which performs parallel
processing with a PCI bus 23, high processing speed can be achieved.

In the digital content management apparatus shown in Figure 2, the
storage device, such as HDD 18, for storing re-encrypted digital
content is connected to the system bus 15 of the user terminal 11. In
order to store re-encrypted digital content, therefore, the encrypted
digital content must be transferred by way of the system bus 15 of
the user terminal 11 and the local bus 25 or 30 of the digital
content management apparatus 12 or 13, and consequently, processing
speed can be slowed.

In the digital content management apparatus shown in Figure 3, a
communications device COMM and a CD-ROM drive CDRD are connected to a
local bus of a digital content management apparatus for decryption,
and a storage device such as HDD for storing re-encrypted digital
content is connected to the local bus of a digital content management
apparatus for re-encryption.

The digital content management apparatus 35 for decryption has the
computer system configuration having a MPU 37, a local bus 38 for the
MPU 37, and ROM 39, RAM 40 and EEPROM 41 connected to the local bus
38, and a communication device COMM 42 and a CD-ROM drive CDRD 43 are
connected to the local bus 38. The encrypted digital content supplied
from the communication device COMM 42 and the CD-ROM drive CDRD 43 is
decrypted in this apparatus.

The digital content management apparatus 36 for re-encryption has the
computer system configuration having a MPU 44, a local bus 45 for the
MPU 44, and ROM 46, RAM 47 and EEPROM 48 connected to the local bus
45, and HDD 39 is connected to the local bus 45. The digital content
which has been re-encrypted in the digital content management
apparatus 36 for re-encryption is stored in HDD 39.

In the protection of a digital content copyright, the greatest issue
is how to prevent illegitimate usage of the digital content on the
user side apparatus. Decryption/re-encryption and restriction on
usage are carried out by a digital content management program for
this purpose.

However, since decryption/re-encryption of the digital content whose
copyright is to be protected is performed using an apparatus on the
user side, it is virtually impossible to expect that processing of
the decryption/re-encryption and the management of the crypt key
which is used for the purpose will be complete. There is a
possibility that the digital content will be illegitimately stored,
copied, transmitted and edited by invalidating the digital content
management program.

In order to restrict such illegitimate usage, it is required that a
digital content management program for decryption/re-encryption of
the digital content, and for managing the crypt key cannot be altered
by the user. For this purpose, incorporation of the digital content
management program into the hardware is the most secure method.

For example, there is a configuration in which a dedicated scramble
decoder is currently used for descrambling scrambled broadcast
programs in analog television broadcast, so that
decryption/re-encryption of the digital content and management of the
crypt key are available only by using a dedicated digital content
management apparatus.

Although such a configuration is reliable, the system structure is
lacking in flexibility. When the apparatus on the user side is
changed, or the digital content management program is changed, it is
very hard for the user to respond to such changes. In case of a
network computer, on which attention has recently been focused, since
the network computer does not have a function for storing the digital
content management program, it would be impossible to realize the
digital content management program in the hardware.

In order to correspond with flexibility to a case where the apparatus
on the user side changes, or a case where the digital content
management program is changed, it is desirable for the digital
content management program to be software. However, there is a
possibility that the digital content management program is altered as
long as the digital content management program is an application
program.

For the digital content management program being software, the
digital content management program is required to be incorporated in
a kernel that is a fixed area in OS and cannot be altered by the
user. However, it is not practical for the digital content management
program to be incorporated in the fixed area of the kernel, where the
digital content management system and the cryptosystem are
differentiated between the databases.

As described above, some real time OS can perform interruption in
real time slice time which is one or two figures faster than the time
slice of the system in another OS that includes kernel area. By using
this technology, the usage status of the digital content which is
claiming the copyright is watched without affecting the overall
operation. And if an illegitimate usage is found, it is possible to
give a warning or to forcibly stop the usage thereof.

Next, a method for reinforcing a digital content management program
by using a real time OS is described.

The digital content management apparatus shown in Figure 2 has a
multi-processor structure in which a first digital content management
apparatus 12 and a second digital content management apparatus 13 are
connected to an apparatus on the user side via a PCI bus. The
decryption operation of the first digital content management
apparatus 12 and re-encryption operation of the second digital
content management apparatus 13 are controlled by the digital content
management program in the user terminal 11.

The digital content management program of the user terminal 11 also
manages the operations of the communication device 21, the CD-ROM
drive 20, the flexible disk drive 19 and the hard disk drive 18,
which manages loading or downloading of encrypted digital content,
and storing into the hard disk drive 18, copying to the flexible disk
drive 19 and uploading to the communication device 21 of re-encrypted
digital content.

Since illegitimate usage of the digital content is
carried out by unauthorized editing, unauthorized storing,
unauthorized copying or unauthorized uploading of the
decrypted digital content, whether the illegitimate usage
has been carried out or not can be detected by whether
editing, storing, copying or uploading of the decrypted
digital content is performed or not. As a consequence,
the process for watching the illegitimate usage
interrupts a digital content use process which is being
executed in a certain time interval, while interrupting by a
preemptive type multi-task which forcibly carries out
watching of the process.

The multi-task time slice normally carried out is
10ms, and the decryption/re-encryption process is
carried out in this time unit. On the other hand, the fastest
real time slice is 100 ns, which is 1/100 of the normal
time unit. Consequently, the watching task, which has
high interruption priority, can watch the digital content
as to whether the decrypted digital content is being
edited, stored, copied or uploaded, so that the usage
status of the digital content for which the copyright is
claimed can be watched without affecting regular usage
by the user, and if the illegitimate usage is found, a
warning can be given and usage thereof can be forcibly

The digital content management program with such
a watching function is incorporated into a sub-system
area which is operated in the user mode in place of the
kernel of the OS, and the watching process is regarded
as a process with a high priority. By constituting the
system in this way, the usage status of the digital content by
decryption/re-encryption and also the illegitimate usage
other than the permitted usage can be watched at the
same time, and such watching can be executed
smoothly.

Since these operations are the same in the case of
the digital content management apparatus which is
shown in Figure 3, a further explanation thereof is
omitted.

Next, a structure for watching the illegitimate usage
of the digital content in the distributed OS is described
referring to Figure 4. Figure 4 illustrates a structure of a
general distributed type OS, in which servers 51 to 54
and clients 55 to 58 are connected to a network 50.
The network 50 is a restricted network such as a LAN
(Local Area Network) in an office. Each of the servers 51
to 54 stores basic OS elements of the micro-kernel,
application elements which are a sub-system, or the
digital content. In order to manage the digital content,
the digital content management program which has
been described so far is required. This digital content
management program is stored, for example, in the
server 54. And the watching program for watching the
illegitimate usage of the digital content having a high
priority for interruption is stored, for example, in the
supervisory server 51 for supervising the overall operation of
the distributed OS.

Although the terminal apparatus of the clients 55 to
58 is a simple terminal, the terminal is provided with a
copying device such as a flexible drive or the like when
necessary.

In such a structure, when the clients 55 to 58 use
the digital content which is stored in the servers 51 to
54, the clients 55 to 58 are supplied with the micro-kernel
that is the basic OS elements from each of the servers,
and are also supplied with the digital content management
program which is stored in the server 54, and thus, the
digital content can be used.

The digital contents stored in the server are either
encrypted or not encrypted. In either of these cases, the
digital content is supplied encrypted when supplied
to the clients. Therefore, in order for the client to use the
encrypted digital content, it is necessary to obtain the
crypt key and to decrypt by the digital content
management program as has been described above.

The fact that the client uses the digital content and
the digital content management program is grasped by
the supervisory server 51. This watching process
automatically interrupts the process which is being executed
by the client at regular intervals without the client's
request, watches it, and gives a warning or stops the
usage if an illegitimate usage is detected.

Since such a watching process can be completed
with a process having a small size, it has little effect
on the operation on the client side, and the
user does not notice the operation of the watching
program.

In the distributed OS, the servers and the clients
have been explained as separated. However, the
aforementioned structure may be applied when a client
machine is provided with a hard disk drive, and the
client machine also serves as the server machine. When
the network 50 is not a restricted one such as a LAN in an office,
but a non-restricted one such as the Internet system,
the aforementioned structure can also be applied.

In particular, such a structure is effective in a
network computer system. Even in the case where the user
modifies a computer not provided with a storage device,
a copying device or a communication device for
transmission, or uses a normal computer pretending to be of a
network computer system, the digital content can be
managed by remote control.

Furthermore, the structure can be applied to the
digital content management system shown in Figure 1.
In such a case, the watching program is stored in the
digital content management center 8 of Figure 1 to
regularly watch whether users illegitimately use the
encrypted digital content supplied from the database
through the network 9 by remote control.

In the case that the digital content is broadcast via
analog data broadcast or via digital data broadcast, the
watch program may be transferred by inserting it into the
digital content. Also, the watch program may be resident
in an apparatus of the digital content user so that
remote control is made possible by periodically
broadcasting a watch program control signal.

In the case where the digital content having a large
amount of information, such as digital picture content, is
handled in the digital content management system
which is carried out via the network, an ISDN
(Integrated System for Digital Network) line is used in many
cases as a communication line.

As the ISDN line, there are generally used two data
channels having data transmission speed of 64 Kbps
(Kilo bits per second) referred to as B channels, and a
control channel having data transmission speed of 16
Kbps referred to as D channel. Naturally, the digital
content is transmitted through one or two data channels,
while the D channel is not used in many cases.

Thus, if the D channel is used for the interrupting
watching by the watch program, it would be possible to
watch the usage status by remote control without
affecting the usage of the digital content at all.

When the user uses information to which a
copyright is claimed, the real time OS is automatically linked
to the key center; as a result, it is also possible to watch
and manage the re-encryption mechanism with a real time OS.

Further, in the case where a digital content creator
or an end user uses information to which a copyright is
claimed, a re-encryption program resident in the PC
uses the real time OS so that remote watching and
managing can be made possible.

Next, application of the digital content management
system to the prevention of the leakage of information is
described. Figure 5 illustrates a structure of the system
for preventing the leakage of information by
applying the system to an intranet system in which a LAN is
connected to the Internet system.

In Figure 5, reference numerals 60, 61, and 62
represent the network systems which are connected to
each other by public lines 63, 63. In particular, the
network system 62 is a LAN system established in an office
or the like. These network systems are connected with
each other via a public communication line or the like to
constitute an Internet system as a whole. Clients 64, 64,
64 are connected to the LAN system 62, and servers not
shown in the figure are connected in addition.

The LAN system has secret data such as business
secrets and the like therein. Since the LAN system is
connected to the outside network, the problems of the
leakage of the secret information to the outside, or of
the access to the secret information from the outside
may arise. As a consequence, although an information
partition, called a "fire-wall," is normally provided
between the LAN system and the public line, that is not
technologically perfect. Also, even in the case of the
business secret data, it may be necessary to supply the
business secret data to another party, where the
other party's network has a common interest, and in
such a case, the presence of the fire-wall becomes an
obstacle.

As has been described repeatedly, the
management of the secret data can be completely carried out
through encryption. In the case where the crypt
algorithm used in the other party network is common with
the algorithm used in one's own network, the secret
data can be shared by sending the crypt key to the other
party by some means. In the case where the crypt
algorithm used in the other party network is different from
the algorithm which is used in one's own network, such
means cannot be adopted.

In order to cope with such a problem, crypt key
conversion devices 65, 66 and 67 are arranged in place of
or together with the fire-wall in the Internet system
shown in Figure 5. These crypt key conversion devices
65, 66 and 67 have the same configuration as the digital
content management apparatus which have been
described by using Figures 2 and 3, and perform
decryption/re-encryption by two different crypt keys.

For example, the crypt algorithm conversion device
65 decrypts the data which is encrypted by a crypt
algorithm unique to the network 60 and re-encrypts the
decrypted data by a crypt algorithm which is common in
the whole Internet system. The crypt algorithm
conversion device 67 that has received the re-encrypted data
decrypts the re-encrypted data, encrypts the decrypted
data by the crypt algorithm unique to the network 62,
and supplies it to the client 64.

By doing so, it becomes possible to handle the
encrypted data between networks that adopt different
crypt algorithms. Here, there may be two cases; one is
a case in which the crypt key is not changed at all, and
the other is a case in which the crypt key is changed at
each stage.

In using databases, in a case where a data storing
server referred to as "proxy server" or "cache server" is
used, and where the digital content is encrypted, the
crypt key or crypt algorithm used between the data
server and the proxy server may be differentiated from
the crypt key or crypt algorithm used between the proxy
server and a user, and then, the conversion of them is
carried out by using the crypt key conversion device or
crypt algorithm conversion device, so that the encrypted
digital content can be prevented from illegitimate usage
thereof.
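
The conversion path described above, from network 60 through devices 65 and 67 to client 64, as an added Python sketch that is not part of the patent text. The three keystream constructions standing in for the networks' incompatible crypt algorithms, the key names and the integrity tag are assumptions made for illustration; they are not vetted ciphers.

```python
import hashlib, hmac, os

# Constructed stand-ins for three incompatible "crypt algorithms": keystream
# generators built from the standard library (assumption, not vetted ciphers).
PRFS = {
    "net60":  lambda k, m: hashlib.sha256(k + m).digest(),
    "common": lambda k, m: hmac.new(k, m, hashlib.sha512).digest(),
    "net62":  lambda k, m: hashlib.blake2b(m, key=k, digest_size=32).digest(),
}

def _xor_stream(alg, key, nonce, data):
    """XOR data with a counter-mode keystream produced by the named algorithm."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += PRFS[alg](key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(alg, key, nonce, body):
    """Integrity tag bound to the algorithm name, so blobs cannot be cross-fed."""
    mac_key = hashlib.sha256(b"mac" + key).digest()
    return hmac.new(mac_key, alg.encode() + nonce + body, hashlib.sha256).digest()

def encrypt(alg, key, plaintext):
    nonce = os.urandom(16)
    body = _xor_stream(alg, key, nonce, plaintext)
    return nonce + body + _tag(alg, key, nonce, body)

def decrypt(alg, key, blob):
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(alg, key, nonce, body)):
        raise ValueError("integrity check failed for " + alg)
    return _xor_stream(alg, key, nonce, body)

class ConversionDevice:
    """Gateway that decrypts under one algorithm/key and re-encrypts under another."""
    def __init__(self, in_alg, in_key, out_alg, out_key):
        self.inbound, self.outbound = (in_alg, in_key), (out_alg, out_key)

    def convert(self, blob):
        plaintext = decrypt(*self.inbound, blob)  # cleartext exists only inside the device
        return encrypt(*self.outbound, plaintext)

K60, KCOMMON, K62 = (os.urandom(32) for _ in range(3))  # constructed keys
DEVICE_65 = ConversionDevice("net60", K60, "common", KCOMMON)
DEVICE_67 = ConversionDevice("common", KCOMMON, "net62", K62)

def deliver(plaintext):
    """Network 60 -> device 65 -> common Internet leg -> device 67 -> client 64."""
    hop1 = encrypt("net60", K60, plaintext)
    hop2 = DEVICE_65.convert(hop1)
    hop3 = DEVICE_67.convert(hop2)
    return hop1, hop2, hop3, decrypt("net62", K62, hop3)
```

Neither end network ever holds the other's key; only the conversion devices hold the common key, and each device handles cleartext between its decrypt and re-encrypt steps.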

The conversion of the crypt algorithm by these
devices can be effected by units of countries. Even in
the case where crypt algorithms are used which differ
from one country to another, it becomes possible to
adopt a key escrow system unique to the respective
country, or a key recovery system using the key escrow
system.

For example, the crypt key conversion device 65
decrypts an encrypted data from the network 60, and
re-encrypts the decrypted data by using the crypt key
common to the whole Internet system. The crypt key
conversion device 67 which has received the
re-encrypted data decrypts the re-encrypted data by using
the crypt key common to the whole Internet system, and
re-encrypts the decrypted data and supplies it to the
client 64. By doing this, the problem of sending the crypt
key is alleviated.

These crypt key conversion devices 65, 66 and 67
can be arranged in a gateway or a node which is used
as a connection between networks. Further, even in a
closed network system other than the Internet, which is
a liberated system, this system functions efficiently in
such cases where individual information such as
reliability information, medical information or the like is
handled, and where access to the data needs to differ
by levels.

These crypt key conversion devices also can be
used so as to convert the crypt algorithm. There are a
plurality of crypt algorithms which are currently used or
proposed. In the worst case, a plurality of networks
using different crypt algorithms respectively coexist,
and thus, compatibility is lost, which becomes an
obstacle to the development of the information oriented
society. Even if a new effective crypt algorithm is developed,
if it is not compatible with the existing crypt
algorithm, an obstacle to the development of the information
oriented society may similarly be brought.

In order to cope with such problems, the crypt
algorithm can be converted by arranging the crypt key
conversion devices 65, 66 and 67 of Figure 5 in the gateway
or in the node. These crypt algorithm conversion
devices decrypt the encrypted data to be re-encrypted
with a different crypt algorithm.

Claims 

1. A digital content management system which uses a
digital content, for managing digital content
copyrights having:

a server in which a watch program with high
interruption priority is stored, and being
constituted as a real time operating system using a
micro-kernel, in a network.

2. A digital content management apparatus used via a
user terminal which uses a digital content, for
managing digital content copyrights, comprising:

said digital content management apparatus
comprising a microprocessor, a microprocessor
bus, a read-only semiconductor memory,
an electrically erasable and programmable
read-only memory, and a read/write memory,
wherein:

said microprocessor, said read-only
semiconductor memory, said electrically erasable and
programmable read-only memory and said
read/write memory are connected to said
microprocessor bus, and a system bus of said
user terminal is capable of being connected to
said microprocessor bus;

a digital content management system program,
a crypt algorithm, and a watch program which
is a micro-kernel type real time operating
system are stored in said read-only semiconductor
memory; and

a first public-key, a first private-key, a second
public-key, a second private-key, a digital
content management program, a first secret-key, a
second secret key and copyright information
are stored in said electronically erasable and
programmable read-only memory.

3. A digital content management system which
protects the secrets of a digital content in a network
having a decryption/re-encryption apparatus
between networks.

4. A digital content management apparatus which
protects the secrets of a digital content in a network
comprising:

said digital content management apparatus
comprising a microprocessor, a microprocessor
bus, a read-only semiconductor memory,
an electrically erasable and programmable
read-only memory and a read/write memory,
wherein

said microprocessor, said read-only
semiconductor memory, said electrically erasable and
programmable read-only memory and said
read/write memory are connected to said
microprocessor bus, and a system bus of the
user terminal is capable of being connected to
said microprocessor bus;

a digital content management system program,
a crypt algorithm, and a watching program
which is a micro-kernel type real time operating
system are stored in said read-only
semiconductor memory; and

a first public-key, a first private-key, a second
public-key, a second private-key, a digital
content management program and a first secret-key,
a second secret-key, and copyright
information are stored in said electrically erasable
and programmable read-only memory.

5. A digital content management apparatus according
to claim 2 or 4, which is configured in the form of an
IC chip.

6. A digital content management apparatus according
to claim 2 or 4, which is configured in the form of an
IC card.

7. A digital contents management apparatus
according to claim 2 or 4, which is configured in the form of
a PC card.

8. A digital contents management apparatus
according to claim 2 or 4, which is configured in the form of
an inserted board.